Internal NSA audits found thousands of cases in which the spying agency collected, stored and possibly searched data belonging to private citizens that it was not authorized to view, much less acquire.
The revelations come from a report by The Washington Post based on information provided by fugitive whistle-blower Edward Snowden. They contradict repeated assurances from senior officials in the Obama administration and the NSA that the agency’s surveillance programs have operated according to adequate, lawful and internally consistent privacy protections.
Such inappropriate or unlawful retention ranged from what an administration official told the Post was human error, to seeming technological flaws, to collection efforts that inherently involved transgressing the few boundaries that have existed on NSA bulk collection since 2008, when Congress broadened a basic law of surveillance, the Foreign Intelligence Surveillance Act.
In one such case, an unspecified “incident” led to the retention of 3,032 files that the secret Fisa court had ordered NSA to destroy. Another involved the diversion of international communications traffic passing over through fiber-optic cables in the United States into a “repository” for temporary “processing and selection” – something that the Fisa court in 2011 ruled a violation the fourth amendment of the US constitution.
A third involved the interception of an unspecified “large number” of phone records from the Washington DC 202 area code in 2008, when an NSA “programming error” improperly entered 202 instead of 20, the country code for Egypt. The Post reported that the NSA did not report that improper interception of American communications to Congress or the Fisa court.